You may not have to pay, but someone does, and that person is the owner, who probably assumed that the “lock” on the phone actually did – how can I put this without sounding tautological? – lock the phone part of the phone.

A keen iOS 7 early adopter from Ramallah in the West Bank, Karam Daoud, now apparently a business development guy but who worked in bug testing in the mobile space in a previous life, found the flaw.

Unlike the first widely-publicised lockscreen bypass, there isn’t an easy workaround for this one.

The previous one was the “all your photos are belong to a social network whether you wanted it or not” flaw we wrote about last week.

That one can be worked around by removing access to Control Center from the lockscreen.

The new flaw involves telling the lockscreen you want to make an emergency call, which is a option that, understandably, can’t be turned off. (You can even make emergency calls without a SIM card, let alone with the phone locked – and that really is a feature, not a bug.)

Then you simply dial the number you want – the emergency call interface apparently doesn’t limit what you can dial, merely where you can connect after doing so.

Instead of just pressing [Call], however, you apply bug-finder’s dexterity and press [Call] repeatedly and rapidly.

It seems that if you are insistent enough, and get the cadence of your clicks just right, iOS gives in and connects you to the number anyway.

→ An earlier iOS lockscreen hole involved actally placing emergency calls and then hanging up, hopefully before they went through. We strongly urged you not to try that exploit, even on your own device, as we considered it a rotten, and very likely illegal, thing to do. Here, you use the emergency call screen merely to get the option to dial, but no emergency call is made.

In other news, there’s already been an iOS 7 update, taking superearly adopters to 7.0.1.

But that update doesn’t appear to be a response to either of lockscreen bugs.

Post navigation

About the author

Paul Ducklin is a passionate security proselytiser. (That's like an evangelist, but more so!) He lives and breathes computer security, and would be happy for you to do so, too.
Follow him on Twitter: @duckblog

3 comments on “Another iOS 7 lockscreen hole opens up – call anywhere in the world for free!”

Actually Paul, there's an easier way to make a call when an iPhone is locked – simply use Siri and it works perfectly unless it was specifically explicitly disabled in the passcode setup. That's a feature by the way not a bug and as for the 'make calls anywhere in the world', that's often not the case because carriers often disable international calling unless requested or you request it be disabled. You might have recommended that people enable and change their SIM PIM for additional security, and of course one can call their carrier to deactivate the SIM card.

This type of bug routinely pops up on Android devices (e.g. google 'another lockscreen security bug found in Samsung Android phones); do you use the same level of hyperbole for them?